Skip to main content

Web Appliance

15 CVEs product

Monthly

CVE-2023-33336 MEDIUM This Month

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Sophos Web Appliance
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-1671 CRITICAL POC KEV THREAT Act Now

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Sophos Web Appliance
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2017-9523 MEDIUM This Month

The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sophos Web Appliance
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-6412 HIGH POC This Week

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Session Fixation Sophos Information Disclosure Web Appliance
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
0.8%
CVE-2017-6184 MEDIUM This Month

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Web Appliance
NVD
CVSS 3.0
4.7
EPSS
1.2%
CVE-2017-6183 HIGH This Week

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Web Appliance
NVD
CVSS 3.0
7.2
EPSS
3.0%
CVE-2017-6182 CRITICAL POC THREAT Emergency

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.9%.

Sophos Command Injection Web Appliance
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
14.9%
CVE-2016-9554 HIGH POC THREAT Act Now

The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

PHP Sophos Command Injection Web Appliance
NVD Exploit-DB VulDB
CVSS 3.0
7.2
EPSS
11.3%
CVE-2016-9553 HIGH POC This Week

The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Sophos Command Injection Web Appliance
NVD Exploit-DB VulDB
CVSS 3.0
7.2
EPSS
6.8%
CVE-2014-2850 HIGH POC THREAT Act Now

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.7%.

Command Injection Sophos Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
8.5
EPSS
75.7%
Threat
5.5
CVE-2014-2849 HIGH POC THREAT Act Now

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.5%.

Sophos Privilege Escalation Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
8.5
EPSS
76.5%
Threat
5.5
CVE-2013-2643 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sophos PHP Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-2642 CRITICAL POC THREAT Emergency

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.0%.

Command Injection Sophos Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
9.3
EPSS
12.0%
CVE-2013-2641 MEDIUM POC THREAT This Month

Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.3%.

Path Traversal Sophos Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
82.3%
Threat
5.0
CVE-2013-4984 HIGH POC Act Now

The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Web Appliance
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
7.8%
EPSS 1% CVSS 4.8
MEDIUM This Month

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Sophos +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Sophos +1
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM This Month

The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sophos Web Appliance
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Session Fixation Sophos Information Disclosure +1
NVD Exploit-DB
EPSS 1% CVSS 4.7
MEDIUM This Month

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Web Appliance
NVD
EPSS 3% CVSS 7.2
HIGH This Week

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Web Appliance
NVD
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Emergency

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.9%.

Sophos Command Injection Web Appliance
NVD Exploit-DB
EPSS 11% CVSS 7.2
HIGH POC THREAT Act Now

The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

PHP Sophos Command Injection +1
NVD Exploit-DB VulDB
EPSS 7% CVSS 7.2
HIGH POC This Week

The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Sophos Command Injection +1
NVD Exploit-DB VulDB
EPSS 76% 5.5 CVSS 8.5
HIGH POC THREAT Act Now

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.7%.

Command Injection Sophos Web Appliance Firmware +1
NVD Exploit-DB VulDB
EPSS 76% 5.5 CVSS 8.5
HIGH POC THREAT Act Now

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.5%.

Sophos Privilege Escalation Web Appliance Firmware +1
NVD Exploit-DB VulDB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sophos PHP +2
NVD Exploit-DB VulDB
EPSS 12% CVSS 9.3
CRITICAL POC THREAT Emergency

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.0%.

Command Injection Sophos Web Appliance Firmware +1
NVD Exploit-DB VulDB
EPSS 82% 5.0 CVSS 5.0
MEDIUM POC THREAT This Month

Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.3%.

Path Traversal Sophos Web Appliance Firmware +1
NVD Exploit-DB VulDB
EPSS 8% CVSS 7.2
HIGH POC Act Now

The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Web Appliance
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy